openvpn: calyx: fix CA and IPv4
[julm/julm-nix.git] / homes / julm.nix
index 62c7f9b1bc97785114f8ac5b52337bc7ffbc57a9..1104fe845678ca8be5b79f49c746da96a3050d8a 100644 (file)
 { pkgs, lib, config, hostName, ... }:
 {
-imports = [
-  ./softwares.nix
-  ./options.nix
-  julm/mutt.nix
-  (import (julm/hosts + "/${hostName}.nix"))
-];
-host.desktop = lib.elem hostName [ /*"losurdo"*/ "oignon" ];
-host.server = lib.elem hostName [ "losurdo" "mermet" ];
-host.admin = lib.elem hostName [ "losurdo" "mermet" "oignon" ];
-host.developer = lib.elem hostName [ "losurdo" "oignon" ];
-host.media = lib.elem hostName [ "losurdo" "oignon" ];
-programs.bat.enable = with config.host; admin || developer;
-programs.bash.enable = true;
-#programs.broot.enable = true;
-programs.doom-emacs.enable = config.host.developer;
-programs.firefox = {
-  enable = config.host.desktop;
-  profiles =
-    let defaultProfile = {
-      settings = {
-        "browser.bookmarks.showMobileBookmarks" = true;
-        "browser.search.isUS" = false;
-        "browser.search.region" = "FR";
-        "distribution.searchplugins.defaultLocale" = "fr-FR";
-        "general.useragent.locale" = "fr-FR";
-        "security.identityblock.show_extended_validation" = true;
-        "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
-      };
-      userChrome = builtins.readFile softwares/firefox/userChrome.css;
-    }; in {
-      "rp4xy6ye.2021" = lib.mkMerge [defaultProfile {
-        id = 0;
-        name = "2021";
-        settings = {
-          "browser.startup.homepage" = "https://code.sourcephile.fr";
-        };
-      }];
-      "8y3d28fa.tor" = lib.mkMerge [defaultProfile {
-        id = 1;
-        name = "tor";
+  imports = [
+    ../home-manager/profiles/essential.nix
+    ../home-manager/profiles/vim.nix
+    ../home-manager/options.nix
+    julm/mutt.nix
+    (import (julm/hosts + "/${hostName}.nix"))
+  ];
+  programs.bash.shellAliases = {
+    firefox-calyx = "sudo systemd-run -P -p JoinsNamespaceOf=netns-calyx.service -p PrivateNetwork=true -p BindReadOnlyPaths=/etc/netns/calyx/resolv.conf:/etc/resolv.conf -E DISPLAY=$DISPLAY -p User=julm -E DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS -E LANG=$LANG -E LOCALE_ARCHIVE=$LOCALE_ARCHIVE -E PATH=$PATH -- firefox -P calyx";
+  };
+  programs.firefox.profiles =
+    let
+      defaultProfile = {
         settings = {
-          "browser.startup.homepage" = "https://check.torproject.org";
+          "browser.bookmarks.showMobileBookmarks" = true;
+          "browser.compactmode.show" = true;
+          "browser.search.isUS" = false;
+          "browser.search.region" = "FR";
+          "distribution.searchplugins.defaultLocale" = "fr-FR";
+          "dom.security.https_first" = true;
+          "dom.security.https_only_mode" = true;
+          "general.useragent.locale" = "fr-FR";
+          "privacy.globalprivacycontrol.enabled" = true;
+          "privacy.globalprivacycontrol.functionality.enabled" = true;
+          "security.identityblock.show_extended_validation" = true;
+          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+          #"privacy.firstparty.isolate" = true;
         };
-      }];
+        userChrome = lib.readFile ../home-manager/profiles/firefox/userChrome.css;
+      };
+    in
+    {
+      "0yplujgj.2022" = lib.mkMerge [
+        defaultProfile
+        {
+          id = 0;
+          name = "2022";
+          settings = {
+            "browser.startup.homepage" = "https://democracynow.org";
+          };
+        }
+      ];
+      "8y3d28fa.tor" = lib.mkMerge [
+        defaultProfile
+        {
+          id = 1;
+          name = "tor";
+          settings = {
+            "browser.startup.homepage" = "https://check.torproject.org";
+            "privacy.firstparty.isolate" = true;
+          };
+        }
+      ];
+      "zqa1ck7d.calyx" = lib.mkMerge [
+        defaultProfile
+        {
+          id = 2;
+          name = "calyx";
+          settings = {
+            "browser.startup.homepage" = "https://icanhazip.com";
+            "privacy.firstparty.isolate" = true;
+          };
+        }
+      ];
     };
-};
-programs.gpg.enable = with config.host; admin || developer;
-home.file."${config.programs.gpg.homedir}/gpg.conf".text = ''
-  # julm@autogeree.net
-  trusted-key 0xD15AF7F467E8299B
-  # julm@sourcephile.fr (2021-08-12)
-  trusted-key 0xA58CD81C3863926F
-'';
-services.gpg-agent.enable = with config.host; admin || developer;
-services.gpg-agent.sshKeys = [
-  # julm@autogeree.net
-  "D275EBA09C7E1FFBFB47F6EEF164E6D56FB24AB2"
-  # julm@sourcephile.fr (2021-08-12)
-  "3D94D14514F1EA2B6D62F1275D888897B082415D"
-];
-programs.direnv.enable = config.host.developer;
-programs.htop.enable = config.host.admin;
-programs.irssi.enable = hostName == "mermet" || hostName == "losurdo";
-programs.irssi.extraConfig = builtins.readFile julm/irssi/config;
-home.file.".irssi/passwd".text = ''
-  FreeNode   : ${pkgs.pass}/bin/pass freenode.net/irc/julm
-  GeekNode   : ${pkgs.pass}/bin/pass geeknode.org/irc/julm
-  IndyMedia  : ${pkgs.pass}/bin/pass indymedia.org/irc/julm
-  Libera     : ${pkgs.pass}/bin/pass libera.chat/irc/julm
-  OFTC       : ${pkgs.pass}/bin/pass oftc.net/irc/julm
-  ToileLibre : ${pkgs.pass}/bin/pass toile-libre.org/irc/julm
-'';
-programs.man.enable = config.host.developer;
-programs.neovim.enable = config.host.developer;
-programs.ssh.enable = config.host.admin;
-programs.ssh.matchBlocks."lan.losurdo.sourcephile.fr" = {
-  compression = true; # Helps to get a better framerate with forwardX11
-  forwardX11 = true;
-  forwardX11Trusted = true;
-  serverAliveInterval = 15;
-};
-programs.tmux.enable = with config.host; admin || developer;
-programs.vim.enable = with config.host; admin || developer;
-manual.manpages.enable = config.host.developer;
-programs.git = {
-  enable = with config.host; admin || developer;
-  userName = "Julien Moutinho";
-  userEmail = "julm@sourcephile.fr";
-  signing.key = "0x7182433A39582282929B2A222E3618DD0D087650";
-  signing.signByDefault = false;
-  package =
-    if lib.elem hostName [ "losurdo" "oignon" ]
-    then pkgs.gitFull
-    else pkgs.gitMinimal;
-  extraConfig = {
-    sendemail.smtpEncryption = "ssl"; # Yes, "ssl", not "tls" which does not work because it expects STARTTLS.
-    sendemail.smtpServer = "mail.sourcephile.fr";
-    sendemail.smtpServerPort = "465";
-    sendemail.smtpUser = "julm@sourcephile.fr";
-  };
-};
-services.redshift.enable = lib.mkDefault config.host.desktop;
-xsession.enable = lib.mkDefault config.host.desktop;
-xsession.windowManager.xmonad.enable = lib.mkDefault config.host.desktop;
-home.stateVersion = "20.09";
-home.sessionPath = [ "${config.home.homeDirectory}/bin" ];
-home.sessionVariables = {
-  EDITOR = "vim";
-  LANG = "fr_FR.UTF-8";
-  LESS = "-FRSX";
-  LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
-  MANPAGER = "less";
-};
-# Warning: triggers a rebuild of mumble
-#nixpkgs.config.mumble.speechdSupport = lib.mkDefault config.host.desktop;
-home.packages =
-  lib.optionals config.host.desktop [
-  #pkgs.chromium
-  #pkgs.ristretto
-  #pkgs.transmission-gtk
-  #(pkgs.texlive.combine { inherit (pkgs.texlive) scheme-medium xdvi; })
-  (pkgs.texlive.combine { inherit (pkgs.texlive) scheme-medium xdvi ucs; })
-  pkgs.amule
-  pkgs.calibre
-  pkgs.dino
-  pkgs.djview
-  pkgs.dmenu
-  pkgs.evince
-  pkgs.freeciv_gtk
-  pkgs.gajim
-  pkgs.geeqie
-  pkgs.gimp
-  pkgs.glxinfo
-  pkgs.gparted
-  pkgs.gpicview
-  pkgs.hicolor-icon-theme
-  pkgs.keepass
-  pkgs.libdvdcss
-  pkgs.libreoffice
-  pkgs.liferea
-  pkgs.mpv
-  pkgs.mumble
-  pkgs.networkmanager-openvpn
-  pkgs.networkmanagerapplet
-  pkgs.nix-du
-  pkgs.pavucontrol
-  pkgs.pdftk
-  pkgs.poppler_utils
-  pkgs.thunderbird
-  pkgs.vlc
-  pkgs.xclip
-  pkgs.xorg.xkill
-  pkgs.xsane
-  pkgs.yubikey-personalization-gui
-  ] ++ lib.optionals config.host.media [
-  #pkgs.amfora
-  #pkgs.browsh
-  #pkgs.glib # gio
-  #pkgs.go-mtpfs
-  #pkgs.gvfs
-  #pkgs.onionshare
-  pkgs.aria2
-  pkgs.convmv
-  pkgs.croc
-  pkgs.ffmpeg
-  pkgs.gtk-pipe-viewer
-  pkgs.imagemagick
-  pkgs.lftp
-  pkgs.mastodon-archive
-  pkgs.mplayer
-  pkgs.ntfs3g
-  pkgs.podl
-  pkgs.stig
-  pkgs.yt-dlp
-  ] ++ lib.optionals config.host.admin [
-  #pkgs.compsize
-  #pkgs.dnsutils
-  #pkgs.inetutils
-  #pkgs.linuxPackages.cpupower
-  #pkgs.ranger
-  pkgs.acpi
-  pkgs.bmon
-  pkgs.cachix
-  pkgs.cryptsetup
-  pkgs.curl
-  pkgs.dstat
-  pkgs.e2fsprogs
-  pkgs.ethtool
-  pkgs.exa
-  pkgs.file
-  pkgs.hwinfo
-  pkgs.knot-dns
-  pkgs.ldns
-  pkgs.lf
-  pkgs.lm_sensors
-  pkgs.lsof
-  pkgs.lsscsi
-  pkgs.miniupnpc
-  pkgs.mosh
-  pkgs.ncdu
-  pkgs.nmon
-  pkgs.nnn
-  pkgs.openssl
-  pkgs.parted
-  pkgs.pass
-  pkgs.pciutils
-  pkgs.powertop
-  pkgs.procps
-  pkgs.pv
-  pkgs.rdfind
-  pkgs.smartmontools
-  pkgs.sshfs
-  pkgs.strace
-  pkgs.stress-ng
-  pkgs.tcpdump
-  pkgs.tree
-  pkgs.usbutils
-  pkgs.utillinux
-  pkgs.wget
-  pkgs.which
-  pkgs.xdg_utils
-  ] ++ lib.optionals config.host.developer [
-  #pkgs.dracut not yet packaged
-  #pkgs.git-remote-gpg
-  #pkgs.haskell.packages.ghc865.zerobin
-  #pkgs.i7z
-  #pkgs.ipfs
-  #pkgs.linuxPackages.perf
-  #pkgs.meli
-  #pkgs.ncurses
-  #pkgs.profanity
-  #pkgs.ripgrep
-  #pkgs.sdate
-  pkgs.aspell
-  pkgs.aspellDicts.fr
-  pkgs.bc
-  pkgs.binutils
-  pkgs.binwalk
-  pkgs.git-chglog
-  pkgs.git-crypt
-  pkgs.git-quick-stats
-  pkgs.gnumake
-  pkgs.graphviz
-  pkgs.hledger
-  pkgs.hunspell
-  pkgs.hunspellDicts.fr-moderne
-  pkgs.jc
-  pkgs.jq
-  pkgs.libfaketime
-  pkgs.libidn
-  pkgs.libxml2.bin
-  pkgs.mailutils
-  pkgs.neofetch
-  pkgs.neomutt
-  pkgs.nix-prefetch-git
-  pkgs.nixpkgs-review
-  pkgs.opusTools
-  pkgs.p7zip
-  pkgs.pastebinit
-  pkgs.patchelf
-  pkgs.picocom
-  pkgs.qprint
-  pkgs.reuse
-  pkgs.shellcheck
-  pkgs.sipcalc
-  pkgs.socat
-  pkgs.sqlite
-  pkgs.tig
-  pkgs.ubootTools
-  pkgs.unar
-  pkgs.unzip
-  pkgs.vbetool
-  pkgs.wgetpaste
-  pkgs.xmlstarlet
-  pkgs.xsel
-  pkgs.yubikey-personalization
+  home.file."${config.programs.gpg.homedir}/gpg.conf".text = ''
+    # julm@autogeree.net
+    trusted-key 0xD15AF7F467E8299B
+    # julm@sourcephile.fr (2021-08-12)
+    trusted-key 0xA58CD81C3863926F
+  '';
+  services.gpg-agent.sshKeys = [
+    # julm@autogeree.net
+    "D275EBA09C7E1FFBFB47F6EEF164E6D56FB24AB2"
+    # julm@sourcephile.fr (2021-08-12)
+    "3D94D14514F1EA2B6D62F1275D888897B082415D"
+    # Ed25519 key added on: 2021-10-31 06:48:49
+    # Fingerprints:  MD5:fe:fe:81:79:d8:7f:e4:ff:64:ac:f3:1c:bd:65:24:3a
+    #                SHA256:bCfwfC8MQTjm6c1HcMLtzvGpnWRdqLwe/bvbh2jsNaA
+    "F6CCA60CF05FADAE911CFBEC0BCDED22F40A19FD"
   ];
+  programs.irssi.extraConfig = lib.readFile julm/irssi/config;
+  xdg.configFile."doom-config/config.el".text = lib.readFile julm/emacs/config.el;
+  home.file.".irssi/passwd".text = ''
+    FreeNode   : ${pkgs.pass}/bin/pass freenode.net/irc/julm
+    GeekNode   : ${pkgs.pass}/bin/pass geeknode.org/irc/julm
+    IndyMedia  : ${pkgs.pass}/bin/pass indymedia.org/irc/julm
+    Libera     : ${pkgs.pass}/bin/pass libera.chat/irc/julm
+    OFTC       : ${pkgs.pass}/bin/pass oftc.net/irc/julm
+    ToileLibre : ${pkgs.pass}/bin/pass toile-libre.org/irc/julm
+  '';
+  programs.ssh.matchBlocks =
+    {
+      "aubergine.wg" = {
+        compression = true; # Helps to get a better framerate with forwardX11
+        forwardAgent = true;
+        forwardX11 = true;
+        forwardX11Trusted = true;
+        serverAliveInterval = 15;
+      };
+      "patate.wg" = {
+        user = "sevy";
+        #proxyJump = "mermet.wg";
+      };
+    } //
+    lib.genAttrs [ "lan.losurdo.sourcephile.fr" "losurdo.wg" ]
+      (_: {
+        compression = true; # Helps to get a better framerate with forwardX11
+        forwardX11 = true;
+        forwardX11Trusted = true;
+        serverAliveInterval = 15;
+      });
+  programs.git = {
+    userName = "Julien Moutinho";
+    userEmail = "julm@sourcephile.fr";
+    signing.key = "0x4FE467034C11017B429BAC53A58CD81C3863926F";
+    signing.signByDefault = false;
+    extraConfig = {
+      sendemail.smtpEncryption = "ssl"; # Yes, "ssl", not "tls" which does not work because it expects STARTTLS.
+      sendemail.smtpServer = "mail.sourcephile.fr";
+      sendemail.smtpServerPort = "465";
+      sendemail.smtpUser = "julm@sourcephile.fr";
+    };
+  };
 }
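Review bot: `forwardAgent = true` on the new `aubergine.wg` match block is the one setting here the previous `lan.losurdo.sourcephile.fr` block did not have, and it lets anyone with root on that host use every key the local agent exposes — including the three `services.gpg-agent.sshKeys` keygrips listed above — for as long as the session is open. If forwarding is genuinely needed there, say why in the block, e.g. `forwardAgent = true; # needed for git push from aubergine; see sshcontrol for confirm flags`, and consider giving those keygrips the `confirm` flag in gpg-agent's sshcontrol so each remote use prompts locally; if it is only for hopping through aubergine, `proxyJump` covers that without exposing the agent. Separately, the `calyx` profile's network isolation rests entirely on the `firefox-calyx` alias: a plain `firefox -P calyx` opens the same profile in the host namespace and its `icanhazip.com` homepage will then show the real address, so a comment next to the `"zqa1ck7d.calyx"` entry stating that it must only be launched through the alias would make that dependency visible.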